diff --git a/ssl/internal.h b/ssl/internal.h
index e082dda4..068f95f5 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -742,10 +742,6 @@ void ssl_write_buffer_clear(SSL *ssl);
  * configured and zero otherwise. */
 int ssl_has_certificate(const SSL *ssl);
 
-/* ssl_parse_x509 parses a X509 certificate from |cbs|. It returns NULL
- * on error. */
-X509 *ssl_parse_x509(CBS *cbs);
-
 /* ssl_session_x509_cache_objects fills out |sess->x509_peer| and
  * |sess->x509_chain| from |sess->certs| and erases
  * |sess->x509_chain_without_leaf|. It returns one on success or zero on
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 325da2fb..66edf37e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -449,20 +449,6 @@ int ssl_has_certificate(const SSL *ssl) {
   return ssl->cert->x509_leaf != NULL && ssl_has_private_key(ssl);
 }
 
-X509 *ssl_parse_x509(CBS *cbs) {
-  if (CBS_len(cbs) > LONG_MAX) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    return NULL;
-  }
-  const uint8_t *ptr = CBS_data(cbs);
-  X509 *ret = d2i_X509(NULL, &ptr, (long)CBS_len(cbs));
-  if (ret == NULL) {
-    return NULL;
-  }
-  CBS_skip(cbs, ptr - CBS_data(cbs));
-  return ret;
-}
-
 STACK_OF(CRYPTO_BUFFER) *ssl_parse_cert_chain(uint8_t *out_alert,
                                               EVP_PKEY **out_pubkey,
                                               uint8_t *out_leaf_sha256,